Unified Security policy support for ZBFW #316

Open
cmohorea opened this issue Aug 29, 2024 · 1 comment
Comments

@cmohorea

I'm trying to reverse engineer an existing security policy with ZBFW, and it seems that support is missing for unified policies.
One difference that I see at the API level is that the zone-pair assignment is moved from (in TF terms) the sdwan_zone_based_firewall_policy_definition resource to sdwan_security_policy:
API object:

```json
{
  "policyName": "SITE-SECURITY-POLICY",
  "policyDescription": "SITE-SECURITY-POLICY",
  "policyMode": "unified",
  "policyDefinition": {
    "assembly": [
      {
        "definitionId": "07d15d38-e850-44a2-8fda-f12c6575f2ba",
        "type": "zoneBasedFW",
        "entries": [
          {
            "srcZoneListId": "411f8b1e-98f2-4c0b-83b9-eb2b2eb7c3ad",   <------
            "dstZoneListId": "d2cd15e0-19d6-4b93-921f-b04ad8264b88"    <------
          },
...
```

but this option is missing from the resource schema.

At the same time, apply_zone_pairs is no longer part of sdwan_zone_based_firewall_policy_definition when it's used in a unified security policy, but it fails with the error:

```text
Error: Missing required argument

  on sdwan-tf-import-main.tf line 22461, in resource "sdwan_zone_based_firewall_policy_definition" "AA-RulesSet-DIA":
22461: resource "sdwan_zone_based_firewall_policy_definition" "AA-RulesSet-DIA" {

The argument "apply_zone_pairs" is required, but no definition was found.
```

Some other things may be missing/changed, but I cannot verify that until at least this is fixed.
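
As an added example (not code from the issue, the reporter, or the provider), here is a small Python script that reads a security policy object in the unified layout quoted above, groups the assembly's zone pairs by ZBFW definitionId, flags any zoneBasedFW definition in the assembly that carries no zone pair, and renders each group in the shape of the provider's apply_zone_pairs attribute. The sample policy is constructed from the quoted object with a second, pair-less definition added; the nested attribute names source_zone and destination_zone are an assumption to check against the provider documentation.

```python
import json
from collections import defaultdict

# Constructed sample (not real vManage data): the shape of the unified
# security policy object quoted in the issue, plus a second zoneBasedFW
# assembly item that carries no zone pairs, to show how that case surfaces.
SAMPLE_POLICY = json.loads("""
{
  "policyName": "SITE-SECURITY-POLICY",
  "policyDescription": "SITE-SECURITY-POLICY",
  "policyMode": "unified",
  "policyDefinition": {
    "assembly": [
      {
        "definitionId": "07d15d38-e850-44a2-8fda-f12c6575f2ba",
        "type": "zoneBasedFW",
        "entries": [
          {
            "srcZoneListId": "411f8b1e-98f2-4c0b-83b9-eb2b2eb7c3ad",
            "dstZoneListId": "d2cd15e0-19d6-4b93-921f-b04ad8264b88"
          },
          {
            "srcZoneListId": "d2cd15e0-19d6-4b93-921f-b04ad8264b88",
            "dstZoneListId": "411f8b1e-98f2-4c0b-83b9-eb2b2eb7c3ad"
          }
        ]
      },
      {
        "definitionId": "11111111-2222-3333-4444-555555555555",
        "type": "zoneBasedFW"
      }
    ]
  }
}
""")


def is_unified(policy: dict) -> bool:
    """True when the security policy uses the unified layout, i.e. the zone
    pairs live in policyDefinition.assembly[].entries rather than on the
    ZBFW definition itself."""
    return policy.get("policyMode") == "unified"


def zone_pairs_by_definition(policy: dict) -> dict[str, list[tuple[str, str]]]:
    """Map each zoneBasedFW definitionId in the assembly to its list of
    (srcZoneListId, dstZoneListId) pairs. A definition that appears in the
    assembly without entries maps to an empty list so callers can flag it."""
    if not is_unified(policy):
        raise ValueError(
            f"expected policyMode 'unified', got {policy.get('policyMode')!r}"
        )
    pairs: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for item in policy.get("policyDefinition", {}).get("assembly", []):
        if item.get("type") != "zoneBasedFW":
            continue  # other assembly types carry no zone pairs
        bucket = pairs[item["definitionId"]]  # creates the key even if empty
        for entry in item.get("entries", []):
            bucket.append((entry["srcZoneListId"], entry["dstZoneListId"]))
    return dict(pairs)


def definitions_without_zone_pairs(policy: dict) -> list[str]:
    """ZBFW definition IDs referenced by the assembly that have no zone pair;
    a firewall policy applied to no zone pair is a gap worth catching before
    the policy is imported into Terraform or re-applied."""
    return sorted(d for d, p in zone_pairs_by_definition(policy).items() if not p)


def render_apply_zone_pairs(pairs: list[tuple[str, str]]) -> str:
    """Render the pairs as an HCL apply_zone_pairs list in the shape of the
    provider's sdwan_zone_based_firewall_policy_definition resource.
    Assumption: the nested attribute names are source_zone and
    destination_zone (verify against the provider docs)."""
    if not pairs:
        return "apply_zone_pairs = []"
    body = "".join(
        f"  {{\n    source_zone      = \"{src}\"\n"
        f"    destination_zone = \"{dst}\"\n  }},\n"
        for src, dst in pairs
    )
    return f"apply_zone_pairs = [\n{body}]"


if __name__ == "__main__":
    for def_id, def_pairs in zone_pairs_by_definition(SAMPLE_POLICY).items():
        print(f"# definition {def_id}")
        print(render_apply_zone_pairs(def_pairs))
    print("without zone pairs:", definitions_without_zone_pairs(SAMPLE_POLICY))
```

The mode check matters: a policy whose policyMode is not "unified" does not carry zone pairs on the security policy object, so the script refuses it rather than silently returning nothing.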

@mccamicha

+1
